2 Unix SMB/CIFS implementation.
4 Implements functions offered by repadmin.exe tool under Windows
6 Copyright (C) Kamen Mazdrashki <kamen.mazdrashki@postpath.com> 2010
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "utils/net/net.h"
25 #include "lib/ldb/include/ldb.h"
26 #include "dsdb/samdb/samdb.h"
30 * Figure out what is the NDTS Settings objectGUID
31 * when DC_NAME is given
33 static struct ldb_dn *
34 net_drs_server_dn_from_dc_name(struct net_drs_context *drs_ctx,
39 struct ldb_dn *server_dn = NULL;
40 struct ldb_result *ldb_res;
41 static const char *attrs[] = {
49 mem_ctx = talloc_new(drs_ctx);
51 /* Make DN for Sites container */
52 dn = ldb_msg_find_attr_as_dn(drs_ctx->ldap.ldb, mem_ctx, drs_ctx->ldap.rootdse, "dsServiceName");
53 NET_DRS_CHECK_GOTO(dn != NULL, failed, "RootDSE doesn't have dsServiceName!?\n");
54 if (!ldb_dn_remove_child_components(dn, 4)) {
55 d_printf("Failed to make DN for Sites container.\n");
59 /* search for Server in Sites container */
60 ldb_err = ldb_search(drs_ctx->ldap.ldb, mem_ctx, &ldb_res,
61 dn, LDB_SCOPE_SUBTREE, attrs,
62 "(&(objectCategory=server)(|(name=%1$s)(dNSHostName=%1$s)))",
64 if (ldb_err != LDB_SUCCESS) {
65 d_printf("ldb_seach() failed with err: %d (%s).\n",
66 ldb_err, ldb_errstring(drs_ctx->ldap.ldb));
69 if (ldb_res->count != 1) {
70 d_printf("ldb_search() should return exactly one record!\n");
74 server_dn = talloc_steal(drs_ctx, ldb_res->msgs[0]->dn);
83 * Figure out what is the NDTS Settings objectGUID
84 * when DC_NAME is given
86 static bool net_drs_ntds_guid_from_dc_name(struct net_drs_context *drs_ctx,
88 struct GUID *_ntds_guid)
91 struct ldb_dn *server_dn;
92 struct ldb_result *ldb_res;
93 static const char *attrs[] = {
102 mem_ctx = talloc_new(drs_ctx);
104 /* resolve Server_DN for dc_name */
105 server_dn = net_drs_server_dn_from_dc_name(drs_ctx, dc_name);
107 d_printf("DSA object for %s could not be found.\n", dc_name);
111 /* move server_dn mem to local context */
112 server_dn = talloc_steal(mem_ctx, server_dn);
114 /* search ntdsDsa object under Server container */
115 ldb_err = ldb_search(drs_ctx->ldap.ldb, mem_ctx, &ldb_res,
116 server_dn, LDB_SCOPE_ONELEVEL, attrs,
117 "%s", "(|(objectCategory=nTDSDSA)(objectCategory=nTDSDSARO))");
118 if (ldb_err != LDB_SUCCESS) {
119 d_printf("ldb_seach() failed with err: %d (%s).\n",
120 ldb_err, ldb_errstring(drs_ctx->ldap.ldb));
123 if (ldb_res->count != 1) {
124 d_printf("ldb_search() should return exactly one record!\n");
128 *_ntds_guid = samdb_result_guid(ldb_res->msgs[0], "objectGUID");
130 talloc_free(mem_ctx);
134 talloc_free(mem_ctx);
139 * Sends DsReplicaSync to dc_name_dest to
140 * replicate naming context nc_dn_str from
141 * server with ntds_guid_src GUID
143 static bool net_drs_replicate_sync_nc(struct net_drs_context *drs_ctx,
144 struct GUID ntds_guid_src,
145 const char *nc_dn_str,
149 struct net_drs_connection *drs_conn;
150 struct drsuapi_DsReplicaSync req;
151 union drsuapi_DsReplicaSyncRequest sync_req;
152 struct drsuapi_DsReplicaObjectIdentifier nc;
154 /* use already opened connection */
155 drs_conn = drs_ctx->drs_conn;
157 /* construct naming context object */
161 /* construct request object for DsReplicaSync */
162 req.in.bind_handle = &drs_conn->bind_handle;
164 req.in.req = &sync_req;
165 req.in.req->req1.naming_context = &nc;
166 req.in.req->req1.options = options;
167 req.in.req->req1.source_dsa_dns = NULL;
168 req.in.req->req1.source_dsa_guid = ntds_guid_src;
170 /* send DsReplicaSync request */
171 status = dcerpc_drsuapi_DsReplicaSync_r(drs_conn->drs_handle, drs_ctx, &req);
172 if (!NT_STATUS_IS_OK(status)) {
173 const char *errstr = nt_errstr(status);
174 d_printf("DsReplicaSync RPC failed - %s.\n", errstr);
176 } else if (!W_ERROR_IS_OK(req.out.result)) {
177 d_printf("DsReplicaSync failed - %s (nc=[%s], dsa_guid=[%s]).\n",
178 win_errstr(req.out.result),
179 nc.dn, GUID_string(drs_ctx, &ntds_guid_src));
187 * 'net drs replicate' command entry point
189 int net_drs_replicate_cmd(struct net_context *ctx, int argc, const char **argv)
192 struct net_drs_context *drs_ctx;
193 struct GUID ntds_guid_src;
194 const char *dc_name_dest;
195 const char *dc_name_src;
196 const char *nc_dn_str;
198 /* only one arg expected */
200 return net_drs_replicate_usage(ctx, argc, argv);
203 dc_name_dest = argv[0];
204 dc_name_src = argv[1];
207 if (!net_drs_create_context(ctx, dc_name_dest, &drs_ctx)) {
211 /* Resolve source DC_NAME to its NDTS Settings GUID */
212 if (!net_drs_ntds_guid_from_dc_name(drs_ctx, dc_name_src, &ntds_guid_src)) {
213 d_printf("Error: DSA object for %s could not be found.\n", dc_name_src);
217 /* Synchronize given Naming Context */
218 bret = net_drs_replicate_sync_nc(drs_ctx,
219 ntds_guid_src, nc_dn_str,
220 DRSUAPI_DRS_WRIT_REP);
225 d_printf("Replicate from %s to %s was successful.\n", dc_name_src, drs_ctx->dc_name);
227 talloc_free(drs_ctx);
231 d_printf("Replicate terminated with errors.\n");
232 talloc_free(drs_ctx);
237 * 'net drs replicate' usage
239 int net_drs_replicate_usage(struct net_context *ctx, int argc, const char **argv)
241 d_printf("net drs replicate <Dest_DC_NAME> <Src_DC_NAME> <Naming Context>\n");